Monthly Archives: July 2021


How Remote Work during COVID-19 has Increased Business Vulnerability to Cyber Attacks

Cybersecurity has long been a concern for organizations around the world. Businesses have responded in the past by providing secure work devices, screening and approving software, and hiring an IT team to maintain the company’s cybersecurity efforts. But the coronavirus has led to changes that have increased business vulnerability to cyber attacks.

The ongoing health and economic crisis related to the COVID-19 pandemic is upending business operations and has forced many organizations to introduce telework. In this post, we explore how the hurried transition to remote work has increased business vulnerability to cyber attacks, and what you can do about it.

Increased business vulnerability to cyber attacks #1: Blurred Boundaries

While remote work has allowed most businesses to remain operational, it has obscured the boundaries between work and personal life. Employees can not only work from their kitchen tables, but they can also access corporate data on personal devices.

Organizations take security precautions with their work devices, but the same protection might not exist on personal devices. This lack of protection exposes an organization’s data to cybersecurity threats.

Employees are not the only people likely to use work devices for personal use. For example, their family members might gain access to their devices and unknowingly download malware.

Employees are also less likely to keep up with software updates, meaning their devices remain exposed to vulnerabilities that an update would fix.

In addition to a rise in the use of personal devices for work, remote working has seen an increase in “shadow IT.” Shadow IT is the phenomenon whereby employees find tools and software on their own to help them fulfill their responsibilities. This increases the organization’s attack surface and its exposure to vulnerabilities.

Increased business vulnerability to cyber attacks #2: Unsafe Networks

Remote working has given employees the freedom to work anywhere, and this is not limited to their homes. Employees can easily work in public areas such as cafes and libraries, and even use the free Wi-Fi provided in these areas.

However, this introduces the risk of connecting to an unsafe network, where their traffic and data can be intercepted or their credentials harvested.

Free Wi-Fi is, however, not the only potential attack surface. Poorly secured home networks are as risky as public Wi-Fi. Criminals can easily hack into unsecured or poorly secured home networks.

Increased business vulnerability to cyber attacks #3: Human Error

Long before the pandemic, human error was a contributing factor to cyberattacks. But the number has increased since 2020, with 95% of cyber breaches resulting from human error. Unintentional actions by employees, such as downloading a malware-infected file, can lead to data loss.

Human error also increases with sophisticated social engineering attacks, which trick employees into handing over sensitive corporate data.

Poor password practices are another common source of human error. When working remotely, your employees have to set up conferencing and work applications, which often require credentials. Creating passwords constantly can be overwhelming, leading employees to use the same password for all their accounts. Using similar credentials makes it easier for criminals to attack, as they can simply try using known passwords.

How You Can Protect Your Business

Work from home during the pandemic has fueled the growth of cybercrimes. Malicious actors continue to identify and exploit vulnerabilities that came with the transition to remote work.

The good news is that there are simple measures you can take today to protect your business from cyberattacks and the costs associated with a data breach. They include:

  • Develop a remote work cybersecurity policy with provisions for the security measures your remote team should take
  • Educate your remote employees on the importance of cybersecurity, the common cyber-attacks, and the steps they can take to protect their devices and networks
  • Limit the access employees have to corporate data (let them access only what they need to perform their duties).

COVID-19 Fraud Prevention Best Practices

Fraud has been an increasingly common threat for enterprises as COVID-19 continues to dominate headlines. With the virtualization of many activities in the pandemic, criminals are getting even more creative in the ways they perpetrate fraud through cyber and web systems.

Consequently, there’s an urgent need to adopt COVID-19 fraud prevention best practices that can help address the associated rise in cyber vulnerabilities. Some of the COVID-19 fraud prevention best practices to keep in mind include:

1. COVID-19 fraud prevention best practice: Increase Security for Video Conferencing Platforms

As social interaction gradually shifts online, video conferencing platforms have become a prime target for scammers. Criminals join meetings they are not authorized to attend and collect sensitive corporate data.

You can protect the video conferencing platforms you use by:

  • Requiring each invited attendee to use a password before joining the meeting
  • Designating co-hosts and moderators to monitor the chat room
  • Implementing features such as virtual waiting rooms that allow you to see who is attempting to join before allowing access

2. COVID-19 fraud prevention best practice: Educate Yourself and Your Employees

COVID-19 scams continue to evolve in their sophistication. Keeping up with the latest scams and how criminals execute them is an important step for keeping safe. Some of the tactics criminals are using during the pandemic include:

  • Sending legitimate-looking emails with malicious links or attachments;
  • Setting up fake websites to impersonate government agencies, charity institutions, and healthcare providers;
  • Sending unsolicited emails, texts, or phone calls that threaten adverse action. (For example, a scammer might threaten tax penalties for filing a wrong return, and request you to send your information so they can correct it).

Educating yourself about cybersecurity risks includes knowing what to do in case you are the victim of a cyber attack. The steps to take usually differ based on the nature of the attack.

For example, if you are an individual whose financial information is compromised through identity theft, your first step should be reporting to the police and credit bureaus.

Organizations targeted through a cyber attack will take additional steps, such as informing customers and shareholders and instituting measures to mitigate the effects of the attack.

Knowing what to do after an attack prepares you to take action when a cyber incident occurs.

3. COVID-19 fraud prevention best practice: Keep Your Computer and Mobile Devices Updated

Computers and mobile devices come in handy, enabling us to stay connected and continue our economic activities. However, they also present security risks when not updated. Updating your phone and computer keeps the devices safe as most of these updates come with security patches.

The longer you take before updating your devices, the higher the risk of cybercriminals targeting your device through the security vulnerabilities that the update fixed.

Phones and computers have settings that allow the device to notify you any time a new update is available.

Reducing Your Exposure to Fraud during COVID-19

While it is impossible to prevent COVID-19-related fraud entirely, you can take steps that minimize your exposure. You do not need special skills or qualifications to protect yourself from cyber fraud. With simple steps such as educating yourself and employees, updating your devices and software, and taking steps to protect your video conferences, you can reduce your exposure to COVID-19 fraud substantially. Additional steps you can take include:

  • Control the information you share with organizations and individuals. Be careful about sharing sensitive information over the phone or email.
  • Limit access to your computer and devices using strong passwords
  • Strengthen your home network
  • Use anti-virus and anti-malware protection on your devices

Ideas for Companies to Enhance Cybersecurity amid COVID-19 Pandemic

COVID-19 has had an undeniable impact on cybersecurity. Therefore, it remains important for companies to enhance cybersecurity to protect their systems as much as possible from malicious actors.

Cybersecurity during the COVID-19 era demands a multi-faceted approach. It is no longer the preserve of IT departments, but the responsibility of every person within your organization.

Here are tips for companies to enhance cybersecurity efforts during the pandemic.

Tip #1 for companies to enhance cybersecurity: Employee Training

Employees are the backbone of any organization. However, they also can be the weakest cybersecurity link in your organization.

One significant trend you can discover from the pandemic cyber-attacks is the role of human error in facilitating these attacks. Sometimes employees recklessly access corporate data over an unsecured network. Others set weak passwords for their work accounts. Failing to educate them about the dangers of poor cybersecurity can be costly.

Accordingly, we review some best practices to keep in mind when offering cybersecurity training so companies can enhance cybersecurity:

  • Make it a regular practice to train employees on the changing cybersecurity concepts they should know.
  • Train your employees on the importance of strong passwords, and about the tools they can use to manage passwords.
  • Train your employees to recognize social engineering and phishing attacks.
  • Incorporate cybersecurity training into your onboarding process.

Tip #2 for companies to enhance cybersecurity: Develop Cybersecurity Policies

A cybersecurity policy is one of the ways to protect your business from the increasing cyberattacks during COVID-19. The policy identifies the key assets and systems you need to protect, the threats to these assets, and the rules and systems for protecting these assets.

A cybersecurity policy should include:

  • Strong password requirements
  • Email security guidelines, including when to share an email address and spam filtering rules
  • Guidelines on handling sensitive data, including who can access this data and the sharing protocols
  • Rules on handling technology; for example, setting rules on which devices employees should use when accessing corporate networks
  • Social media and internet access standards
  • Possible steps to take in case of a cyber-incident, including a prevention and incident response plan

In addition to preparing a cybersecurity policy, you should regularly update it to ensure you incorporate the latest best practices within the industry to keep your company protected and prepared.

Tip #3 for companies to enhance cybersecurity: Set up the necessary controls

COVID-19 increased the number of people working remotely. For businesses, this meant an increase in the risk of employees using unauthorized devices and technologies, increasing the risk of cyberattacks. To mitigate these risks, businesses should:

  • Shorten patching cycles for critical systems and networks necessary for remote working
  • Set up multifactor authentication for accessing sensitive and critical applications
  • Install special controls for facility-based applications
  • Set measures to transition, support, and protect shadow IT critical to business operations
  • Facilitate faster device virtualization
  • Support the transition to secure remote working tools by helping employees set up the security tools they need to remain safe while working remotely.

Protecting Business Systems

COVID-19 has led to the emergence of a cyber-pandemic characterized by increasing, daily security threats to businesses. Businesses exist with the constant threat that malicious actors could target their data and systems. Fortunately, steps such as educating employees and setting the right cybersecurity practices can help companies enhance cybersecurity. They can help protect against these threats and help prepare a response in case of an attack.